\section{Introduction}
\label{sec:intro}


Fleet management and mobile device inter-communication, is an important
component of the intelligent transportation system (ITS) architecture. It
enables a user to communicate with his mobile devices if an action is required,
or even to check device¢s status. Furthermore, device can inform the user if an
emergency situation occurs. Thus, information gathering help us reventing
unpleasant situations. However, anything that includes sensitive information is
subjected to attacks.

However, security is crucial in these types of networks, proper design and
implementation is still challenging. For example, it is essential to make sure
that life critical information cannot be compromised by an attacker; however at
the same time the system should not sacrifice features such as direct
information exchange between nodes without using a trusted third party for data
transfer. 

For the above reasons, we implement a point-to-point network with
every node assigned to a public Internet Protocol Address (IP). Moreover our
system is equipped with features such as SQL database, web site, OCSP supported
etc. Our purpose for creating this paper is to explore and evaluate security
related topics about node management and inter-communication. We make the
following contributions towards of securing the management and communication
system:



We make the following contributions towards of securing the management and
communication system:

\begin{itemize}

\item We provide an architecture for secure management and communication of a
fleet of vehicles.

\item We use Public Key Infrastructure (PKI) and  X509
certificates~\cite{nortel96parti}.

\item We analyze the challenges and the limitations of using PKI in our
architecture.

\end{itemize}

The rest of this paper is organized as follows. Section~\ref{sec:security}
presents the security aspects of the fleet management and inter-communication
of the distributed system. Section~\ref{sec:design} presents our proposed
design for securing the system. Section~\ref{sec:implementation} presents our
methodology and platform for the example implementation of the secure system.
Sections~\ref{sec:limitations} presents the limitations of our proposition.
In Section~\ref{sec:related} we discuss related work. Finally, we draw our
conclusions and discuss future directions in Section~\ref{sec:conclusions}.


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


\section{Security Aspects} \label{sec:security}

In this section we describe the security threats facing this type of networks.
Since we cannot analyze in detail all the possible attacks that an
attacker can issue we provide a general classification list of attacks that we have
identified so far. Next we must define the attacker.

First an attacker can be either an insider or outsider. The insider is an
authenticated member of the network that can communicate with other members
(possesing valid certified public key). The outsider is considered by the network
members as an intruder and hence his power is limited. Second an attacker can
be active or passive. An active attacker can generate packets or signals,
whereas a passive attacker contents himself with eavesdropping.


As the report~\cite{Ruby97stateof} there are many different types
of attack that someone can issue:

\begin{itemize}

\item  \emph{Denial of Service:} pertains to any action or series of actions
that prevent any part of a system from functioning as intended. For example
someone can bombarding an subsystem with message traffic and prevents
authorized and sometimes critical messages from passing through.

\item \emph{Disclosure:} acquisition of sensitive information through
unauthorized channels such as users, processes, or other systems. 

\item \emph{Manipulation:} modification of system information whether being
processed, stored, or transmitted. 

\item \emph{Masquerading:} an unauthorized user or process to gain access to a
system by posing as an authorized entity.

\item \emph{Replay:} re-transmission of valid messages under invalid
circumstances to produce unauthorized effects.

\item \emph{Repudiation:} successful denial of an action, allows either the
sender or receiver to deny the action occurred.


\end{itemize}



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%





